Germany Country Report - Enisa - Europa

More documents

Recommendations

Info

8 Germany Country Report BMWi Eckpunkte zur TKG-Novelle (2010) This 2010 publication of the German Federal Ministry of Economics and Technology – Bundesministerium für Wirtschaft und Technologie (BMWi) provides an overview over the proposed changes to the telecommunication act TGK 5 , which are based on European Commission directive for a common regulatory framework for electronic communications networks and services (2009/140/EC). The proposed changes are currently under review of the authority of the BMWi. This publication covers the following relevant areas of the EC directive: Better Regulation � Improvements of the conditions for infrastructure investments and competition as well as optimizing the regulatory framework: the new framework of the broadband expansion and investments of the next generation network (NGN) includes regulation principles regarding competitive encouragement of efficient investment and innovation of new and improved infrastructures. � Technology neutral design and flexibility of the bandwidth usage � Changes regarding broadcasting: includes the implementation of the European directives of digital television receiver (2002/22/EC) � Security and integrity of network and services: including an information and report system for security violation or the lost of integrity of public communication services. � General compliance with EC directives Citizens’ Rights � Consumer rights: the telecommunication industry will be forced to provide information to the BNetzA (Bundesnetzagentur or Federal Network Agency) regarding e.g. price, network quality and end-user contract requirements. � Data protection and data security: increase the private data of the end-user. BSI Act to Strengthen the Security of Federal Information Technology (2009) On August 14 th 2009 the Bundestag has passed the “Act to Strengthen the Security of Federal Information Technology”. The law provides the details on the main tasks of the Federal Office for Information Security -Bundesamt für Sicherheit in der Informations technik (BSI). It stipulates that BSI is the central reporting office for cooperation among federal authorities in matters related to the security of information technology (protection against malicious software and threats to federal communications technology, destruction of personal data, and warnings - security vulnerabilities). In addition, the act declares BSI as the national certification authority of the federal administration for IT security and acts as authority to issue statutory instruments. eSignatures Legislation The European Directive 1999/93/EC of 13 December 1999 on a Community framework for electronic signatures was transposed into German legislation through a series of acts: � The 2001 law on the framework for electronic signatures and for amending other provisions – it regulates the necessary secure infrastructure for the use of electronic signatures; � The Electronic signature ordinance 6 of 16.11.2001, amended by Art. 2 law of 04.01.2005 - setting out standard requirements and responsibilities for certification authorities as well as minimum requirements for technical components used to create digital signatures; � The first law amending 7 the Signature Act (1. SigG) of 04.01.2005. 5 See: http://www.bmwi.de/BMWi/Redaktion/PDF/Publikationen/eckpunkte-tkg-novelle- 2010,property=pdf,bereich=bmwi,sprache=de,rwb=true.pdf 6 See more details at: http://www.bundesnetzagentur.de/media/archive/893.pdf
Germany Country Report The German Federal Network Agency for Gas, Telecommunications, Post, and Railway – Bundesnetzagentur für Elektrizität, Gas, Telekommunikation, Post und Eisenbahnen (BNetzA) is the competent authority on this topic. BNetzA supervises the certification service providers and in addition to its supervisory function is also an accreditation authority, recognises verification and confirmation agencies such as BSI. BNetzA is also the root instance for accredited service providers. eIdentification/eAuthentication 8 The BMI i.e. the BSI Bundesamt für Sicherheit in der Informationstechnik and the BMG-Bund Bundesministerium für Gesundheit - The Federal Ministry of Health are the relevant authorities in Germany regarding the e-identity cards eID, ePass and eGK. BMI – BSI Bundesamt für Sicherheit in der Informationstechnik eID � Electronic identity card � Introduced in November 1, 2010, equipped with a Radio Frequency Chip (RF chip) that includes personal data and a biometric photo of the eID owner � Fingerprints are not mandatory but could be included if the eID owner agrees � No central data storage of the eID information as covered by the act § 16 Datenschutzrechtliche Bestimmungen 9 – data protection regulation even those were requested from the eID owner � The eID could be used for eID applications which are provided by eGovernment and eBusiness 10 ePass � Private service companies could request to read in specific information on the eID (e.g. online shopping). The authorization of the data is reviewed and is granted for a limited period of time 11 � The authorization is given through authentication certificates which are requested during the terminal authentication (TA) 12 . The eID owner must enter the eID pin code before the encrypted data flows � The owner of the eID could request a signature function, which allows a digital signature. This signature has an official character and is implemented in the law of electronic signatures 13 � Electronic passport 14 � Introduced in November 1, 2005, equipped with a Radio Frequency Chip (RF chip) that includes personal data and a biometric photo of the ePass owner � Since November 1, 2007, the RF chip include mandatory and in line with the EC regulation nr. 2252/2004 15 fingerprints of the ePass owner 16 7 See the document at: http://bundesrecht.juris.de/sigg_2001/index.html 8 Source: Study on eID Interoperability for PEGS: http://ec.europa.eu/idabc/servlets/Docb482.pdf?id=32522 9 See: http://www.bmi.bund.de/SharedDocs/Downloads/DE/Themen/Sicherheit/PaesseAusweise/PassVwV.pdf?__blob =publicationFile 10 See: http://epractice.eu/en/factsheets/factsheet_all_chapters?filter=1&content_type=efactsheet_chapter&Countries =16&domain=10020&Factsheets_Topic=All&search=&op=Apply&form_build_id=formbcfdd2855590fef21d1a4f9043b9c965 11 See: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/ElekAusweise/Pressemappe_nPA/Innovationen_eID- Architektur_Deutschland.pdf?__blob=publicationFile 12 See: https://www.bsi.bund.de/cln_174/ContentBSI/Themen/Elekausweise/Sicherheitsmechanismen/TA/sicherheits mechanismenTA.html 13 See: http://www.gesetze-im-internet.de/sigg_2001/index.html 14 See: http://www.bamf.de/cln_118/DE/Infothek/FragenAntworten/eAufenthaltstitel/eAufenthaltstitel.html 15 See: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2004:385:0001:0006:EN:PDF 9
Page 1 and 2: Country Reports May 11 Germany Coun
Page 3 and 4: Germany Country Report Table of Con
Page 5 and 6: Germany Country Report NIS national
Page 7: The regulatory framework Germany Co
Page 11 and 12: Technical specification Germany Cou
Page 13 and 14: Germany Country Report � Universi
Page 15 and 16: Germany Country Report Other co-ope
Page 17 and 18: International co-operation Germany
Page 19 and 20: To achieve this goal, the EGC group
Page 21 and 22: Resilience aspects Germany Country
Page 23 and 24: NIS awareness at the country level
Page 25 and 26: Germany Country Report Country-spec
Page 27 and 28: Relevant statistics for the country
Page 29 and 30: Germany Country Report Statistics o
Page 31 and 32: APPENDIX Germany Country Report Nat
Page 33 and 34: CERT Role and responsibilities �
Page 35 and 36: CERT Role and responsibilities �
Page 37 and 38: Germany Country Report Industry org
Page 39 and 40: Germany Country Report Academic Org
Page 45 and 46: Germany Country Report 25,000 world

Germany Country Report - Enisa - Europa

Create successful ePaper yourself

Delete template?

Save as template?